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Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )E3 Responsive to communication(s) filed on 22 September 2004 . 
2a)^ This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-16 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1-16 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
. Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121 (d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)Q None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1 ) B Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) 

2) □ Notice of Drattsperson's Patent Drawing Review (PTO-948) Pa P er No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 5 ) □ Notice of lnformal Patent Application (PTO-1 52) 

Paper No(s)/Mail Date . 6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 12022004 



Application/Control Number: 09/871 ,778 Page 2 

Art Unit: 2124 

Response to Amendment 

1 . This action is in response to the amendment received on 09/22/2004. 



Drawings 

2. The drawings were received on 06/01/2001. These drawings are acceptable by the 
examiner. 

Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention 
thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 
do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 
reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre-AIPA 
35 U.S.C. 102(e)). 

2. Claim 1, 2, 5, 8, 9, 14, and 15 are rejected under 35 U.S.C. 102(e) as being anticipated by 
US Patent No. 6,601,1 14 to Bracha et al, hereinafter called Bracha. 
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Per claims 1 and 2: 

Bracha disclose: 

A code verification system (col. 7, lines 55-56 "instructions verification within the verify 
instructions step") 

- memory for storing (col. 10, line 53 "storage device into memory 55 ); a compiled program 

(col. 10, lines 46-47 "instructions typically generated by a compiler 5 ') and 
- a code verifier configured to analyze instructions of said program (col. 10, line 62 
"verification is performed by the JVM 55 and col. 10, lines 65-66 "verification includes 
identifying. . . instruction sequence 55 ) and to generate a plurality of type signatures based 
on said instructions (col. 17, lines 30-32 "pre-verification constraints... stored... or the 
module itself, or both... have attached a signal, such as a digital signature 55 ), each of said 
type signatures indicating each input type constraint and each output type description for 
a respective one of said instructions (col. 17, lines 33-35 "can be used to reliably 
identify the source of the module or constraints and indicate whether they may have 
been tampered with since being signed 55 ), wherein said code verifier is configured to 
detect a type error by analyzing said type signatures (col. 17, lines 36-37 "intra-module 
verification checks of validity... during conventional verification 55 ). 

Per claim 5: 

Bracha disclose: 

- memory for storing a compiled program (col. 10, line 53 "storage device into memory 55 
and col. 10, lines 46-47 "instructions typically generated by a compiler 55 ); and 
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a code verifier configured to analyze a code block of said program (col. 10, line 62 
"verification is performed by the JVM" and col. 10, lines 65-66 "verification includes 
identifying.. . instruction sequence") and to translate instructions within said code block 
into a plurality of type signatures (col. 17, lines 30-32 "pre-verification constraints. . . 
stored. . . or the module itself, or both. . . have attached a signal, such as a digital 
signature"), said code verifier further configured to compose said type signatures into a 
single composed type signature and to detect a type error by analyzing said type 
signatures (col. 17, lines 36-37 "intra-module verification checks of validity... during 
conventional verification") 



Per claims 8, 9, 14, and 15: 

Bracha disclose: 

storing a compiled program (col. 10, line 53 "storage device into memory" and (col. 10, 
lines 46-47 "instructions typically generated by a compiler"); 

generating a plurality of type signatures based on instructions within said program (col. 
17, lines 30-32 "pre-verification constraints. . . stored. . . or the module itself, or both. . . 
have attached a signal, such as a digital signature"), each of said type signatures 
indicating each input type constraint and each output type description for a respective one 
of said instructions (col. 17, lines 33-35 "can be used to reliably identify the source of the 
module or constraints and indicate whether they may have been tampered with since 
being signed"); 
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- analyzing said type signatures; and detecting a type error based on said analyzing step 
(col. 17, lines 36-37 "intra-module verification checks of validity... during conventional 
verification 55 ) 

Substantially as claimed. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is hot identically disclosed or described as set forth in section 102 of this 
title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a 
whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made. 

4. Claim 3, 4, 6, 7, 10-13, and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Bracha in view of US Patent No. 6,092,147 to Levy et al., hereinafter called Levy. 

Per claim 11: 
Bracha disclose: 

- storing a compiled program (col. 10, line 53 "storage device into memory" and (col. 10, 
lines 46-47 "instructions typically generated by a compiler");, said compiled program 
having at least one code block that includes a plurality of instructions (col. 9, lines 50-55 
"a compiler 164 which compiles the source code 162 to produce one or more modules 
165, 166 containing instructions such as VM instructions, and a processor such as a 
virtual machine (VM) 167 which takes one or more modules 165, 166 as input and 
executes the program they generate"); 
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- translating said instructions into a plurality of type signatures (col. 17, lines 30-32 "pre- 

verification constraints. . . stored. . . or the module itself, or both. . . have attached a 
signal, such as a digital signature"); 

- analyzing said type signatures (col. 10, line 62 "verification is performed by the JVM" 

and col. 10, lines 65-66 "verification includes identifying... instruction sequence"); and 
detecting a type error based on said analyzing step (col. 17, lines 36-37 "intra-module 
verification checks of validity... during conventional verification") 

Bracha does not explicitly disclose composing said type signatures into a single composed type 
signature. 

However, Levy discloses in an analogous computer system composing said type 
signatures into a single composed type signature (col. 7, lines 25-26 "authenticity verifier 82... 
compute a proof of authenticity on the bytecode(s) received from the outside world" and col. 7, 
lines 32-34 "a message authentication code of a pre-defined form computed with a block-cipher 
algorithm, or a digital signature of a pre-defined form computed with an asymmetric algorithm"). 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to incorporate the method of code verifier composing the signature and 
determine the input constraint to an output constraint as taught by Levy into the method of 
verification code as taught by Bracha. The modification would be obvious because of one of 
ordinary skill in the art would be motivated to compose the verification signature and determine 
input/output constraints to securely distribute code as suggested by Levy (col. 2, lines 17-30). 
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Per claims 3, 7, 10, 13, and 16: 

The rejection of claim 1, 5, 10, and 1 1 is incorporated, respectively, and further, Bracha disclose: 

- wherein said code verifier is further configured to analyze said program and to group 
instructions of said program into a plurality of code blocks (col. 18, lines 62-65 "FIG. 8 
shows how a module, which has been verified one-module-at-a-time before run time") 

- wherein said code verifier is configured to translate said code blocks into type signature 
blocks (col. 17, lines 40-42 "substantially complete module-by-module pre-verification 
can be performed for the intra-module checks" and col. 17, lines 30-32 "pre- verification 
constraints. . . stored. . . or the module itself, or both. . . have attached a signal, such as a 
digital signature") 

- each of said type signature blocks having one or more type signatures (col. 17, lines 31- 
32 "module itself, or both... have attached a signal, such as a digital signature"), 

Bracha does not explicitly disclose said code verifier further configured to compose the type 
signatures of each of said type signature blocks into a single respective composed type signature. 

However, Levy discloses in an analogous computer system said code verifier further 
configured to compose the type signatures of each of said type signature blocks into a single 
respective composed type signature (col. 7, lines 25-26 "authenticity verifier 82... compute a 
proof of authenticity on the bytecode(s) received from the outside world" and col. 7, lines 32-34 
"a message authentication code of a pre-defined form computed with a block-cipher algorithm, 
or a digital signature of a pre-defined form computed with an asymmetric algorithm"). 
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Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to incorporate the method of code verifier composing the signature and 
determine the input constraint to an output constraint as taught by Levy into the method of 
verification code as taught by Bracha. The modification would be obvious because of one of 
ordinary skill in the art would be motivated to compose the verification signature and determine 
input/output constraints to securely distribute code as suggested by Levy (col. 2, lines 17-30). 

Per claim 4: 

The rejection of claim 3 is incorporated, and further, Bracha disclose: 

- said code verifier further configured to make a determination as to whether an input type 
constraint of said first type signature is acceptable to an output type description of said 
second type signature (col. 17, lines 33-35 "can be used to reliably identify the source of 
the module or constraints and indicate whether they may have been tampered with since 
being signed") 

said code verifier further configured to detect said type error based on said determination 
(col. 17, lines 36-37 "intra-module verification checks of validity... during conventional 
verification") 

Bracha does not explicitly disclose wherein said code verifier, in composing one of said type 
signature blocks, is configured to compose a first type signature with a second type signature to 
form a single composed signature, said first and second type signatures included within said one 
type signature block. 
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However, Levy discloses in an analogous computer system wherein said code verifier, in 
composing one of said type signature blocks, is configured to compose a first type signature with 
a second type signature to form a single composed signature, said first and second type 
signatures included within said one type signature block (col. 7, lines 25-26 "authenticity verifier 
82. . . compute a proof of authenticity on the bytecode(s) received from the outside world" and 
col. 7, lines 32-34 "a message authentication code of a pre-defined form computed with a block- 
cipher algorithm, or a digital signature of a pre-defined form computed with an asymmetric 
algorithm"). 

The feature of composing signature blocks would be obvious for the reasons set forth in 
the rejection of claim 3. 

Per claims 6 and 12: 

The rejection of claim 5 and 1 1 is incorporated, respectively, and further, Bracha disclose: 
- wherein said code verifier is further configured to detect said type error by comparing 
said type descriptions (col. 17, lines 36-37 "intra-module verification checks of 
validity... during conventional verification") 

Bracha does not explicitly disclose wherein one of said type signatures includes a type 
description indicative of a type of an input consumed by one of said instructions when said one 
instruction is executed, wherein another of said type signatures includes a type description 
indicative of a type of an output produced by another of said instruction when said other 
instruction is executed. 
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However, Levy discloses in an analogous computer system wherein one of said type 
signatures includes a type description indicative of a type of an input consumed by one of said 
instructions when said one instruction is executed (col. 7, lines 35-38 "The authenticity verifier 
82 ensures that no bytecode(s) may reach the VM 78 or be executed by the VM unless the 
authenticity verifier has first successfully verified the authenticity of such bytecode(s) 55 ), wherein 
another of said type signatures includes a type description indicative of a type of an output 
produced by another of said instruction when said other instruction is executed (col. 8, line 65 to 
col. 9 line 1 "a proof of authenticity may be generated, as described above, and the proof of 
authenticity may be appended to the verified bytecode(s) to produce an authenticated bytecode 
file 55 ). 

The feature of signatures including type description of input/output would be obvious for 
the reasons set forth in the rejection of claim 3. 

Response to Arguments 
1. Applicant's arguments with respect to claims 1, 5, 8, and 1 1 have been considered but 
they are not persuasive. 
In the remarks, the applicant has argued that: 

(i) For claims 1,5, and 8 cited reference does not suggest the limitations (1) generating a 
plurality of signatures based on said instructions, (2) each type signature indicating each 
input type constraint, and (3) each type signature indicating each output type description for a 
respective one of said instructions. 
Examiner's response: 
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(i) Regarding the limitations as cited in claims 1,5, and 8 applicant agrees that Bracha does 
disclose the verification process of module/class using the digital signature (applicant's 
amendment, page 10). Bracha verifies module-by-module using digital signature at pre- 
runtime in which it would be obvious to verify the instructions within the module/class. 
Thus, Bracha does disclose the limitations cited in the claims. Applicant only makes general 
allegations do not point out any errors in the rejection. Therefore, the rejection is proper and 
maintained herein. 

In the remarks, the applicant has argued that: 

(ii) For claim 1 1 combination of Bracha and Levy does not teach or suggest the limitation 
translating said instructions into a plurality of type signature and composing said type 
signatures into a single composed type signature as claimed. 

Examiner's response: 

(ii) Regarding the limitations as cited in claim 1 1. It is noted that the rejection clearly points 
out where the combination of Bracha and Levy teach the claimed features and why it would 
have been obvious to combine their teachings (see previous office action). Applicant only 
makes general allegations do not point out any errors in the rejection. Therefore, the rejection 
is proper and maintained herein. 



Conclusion 

2. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Satish S. Rampuria 

Patent Examiner ^L^-z^ys^J LA^t 
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